“PIIs and Crypto” Here’s how Nigerian man ‘defrauded’ the US of $10m in COVID-19 benefits

Earlier this week, a Nigerian man named Yomi Jones Olayeye was arrested for allegedly conspiring to defraud the United States government of over $10 million in COVID-19 unemployment benefits.

According to a statement released by the U.S. Attorney’s Office in the District of Massachusetts, the suspect, Yomi Jones Olayeye, also known as “Sabbie,” was taken into custody on August 13th after arriving at John F. Kennedy International Airport in New York.

Olayeye, who hails from Lagos, Nigeria, stands accused of masterminding a scheme between March and July 2020 that targeted three pandemic assistance programs managed by the Massachusetts Department of Unemployment Assistance: the traditional Unemployment Insurance (UI), the Pandemic Unemployment Assistance (PUA), and the Federal Pandemic Unemployment Compensation (FPUC).

How Olayeye perpetrated the COVID-19 unemployment fraud

According to the statement from the attorney’s office, Olayeye and the other accused acquired the Personally Identifiable Information (PIIs) of Americans eligible for the funds.

“Specifically, Olayeye and his co-conspirators allegedly used personally identifiable information (PII) they purchased over criminal internet forums to apply for UI, PUA and FPUC – falsely representing themselves to be eligible state residents affected by the COVID-19 pandemic,” the attorney’s office’s statement reads.

Neusroom’s research defines ‘Personally identifiable information (PII)’ as information that can identify an individual when used alone or with other relevant data. PII may include direct identifiers, such as passport information, that can uniquely identify a person, or quasi-identifiers, such as race, that can be combined with other quasi-identifiers, like date of birth, to successfully recognize an individual.

Sensitive personally identifiable information can include your full name, Social Security number, driver’s license, financial information, and medical records.
Nonsensitive personally identifiable information is easily accessible from public sources and can include your ZIP code, race, gender, and date of birth.

As the world continues to advance in the digital age, PII’s are demanded by big tech companies for several reasons. However, regulations in the US mandate that sensitive information is not divulged unless necessary. Also, big data companies are responsible for keeping the information of their users safe from data breaches and the reach of cybercriminals.

Unfortunately, cybercriminals breach data systems to access PII and then sell it to willing buyers in underground digital marketplaces. This is how Olayeye accessed the PII of several Americans to apply for at least $10 million in fraudulent UI, PUA and FPUC from Massachusetts, Hawaii, Indiana, Michigan, Pennsylvania, Montana, Maine, Ohio and Washington and received more than $1.5 million in assistance to which they were not entitled.  

Read also: How Hushpuppi conspired with Canadian, North Korean military hackers to steal $14.7m from Malta bank

“Olayeye and his co-conspirators allegedly used the same fraudulently obtained PII to open U.S. bank and prepaid debit card accounts to receive the assistance payments.”

“It is also alleged that Olayeye and his co-conspirators recruited U.S.-based account holders to receive and transfer the fraud proceeds via cash transfer applications.”

The perpetrators then used the fraudulent proceeds to purchase Bitcoin via online marketplaces. Many people in the world have opposed the adoption of cryptocurrencies like Bitcoin because of its untraceability and anonymity.

It is further alleged that Olayeye and his co-conspirators concealed the conspiracy’s connection to Nigeria by leasing Internet Protocol addresses assigned to computers located in the United States for use in fraudulent transactions.

Possible punishments for Olayeye and co-conspirators

Since the pandemic, the United States recorded different cases of fraud related to COVID-19. In May 2021, the Attorney General established the COVID-19 Fraud Enforcement Task Force to marshal the resources of the Department of Justice in partnership with agencies across the government to enhance efforts to combat and prevent pandemic-related fraud.

The Task Force bolsters efforts to investigate and prosecute the most culpable domestic and international criminal actors and assists agencies tasked with administering relief programs to prevent fraud by augmenting and incorporating existing coordination mechanisms, identifying resources and techniques to uncover fraudulent actors and their schemes, and sharing and harnessing information and insights gained from prior enforcement efforts.

The charges of wire fraud and wire fraud conspiracy provide for a sentence of up to 20 years in prison, three years of supervised release, a fine of $250,000 or twice the gross gain or loss, forfeiture and restitution.

The charge of aggravated identity theft calls for a mandatory minimum sentence of two years in prison to be added to any sentence imposed on the wire fraud charge. Sentences are imposed by a federal district court judge based upon the U.S. Sentencing Guidelines and statutes which govern the determination of a sentence in a criminal case.